1. Enhances, executes, and manages a formal application security program. Establish and execute forward looking application security strategies that enable proactive secure application development.

2. Works closely with the broader information security team to align application security efforts with overall security objectives and initiatives.

3. Partners with application development and operation teams (and business stakeholders) to set the path for secure development practices for existing and future applications.

4. Provides advice, in collaboration with the Security Assurance and Security Policy functions, on the development and maintenance of security standards, policies, and guidelines for application development. This includes enhancing software security design standards – building in security best practices at the beginning of the software development life cycle.

5. Collaborates with the Security Architecture function to analyze and make recommendations to improve application security architectures.

6. Provides guidance and training to developers on secure coding practices and common vulnerabilities.

7. Collaborates with development teams in conducting application security tests, threat modeling, and code analysis to identify and mitigate security vulnerabilities

8. Stays updated on emerging threats, vulnerabilities, and industry trends in application security, and ensure that security measures are continuously improved and updated.

9. Regularly monitors the Application Security program’s operational health and maturity through key metrics and risk reporting.

Minimum Qualifications

Advanced degree in information security, computer science, engineering, mathematics, or related field of study plus a minimum of 8 years of progressive information security work experience; or a bachelor’s degree in information security, computer science, engineering, mathematics, or related field of study and minimum of 14 years of progressive information security work experience.

• Candidates should possess one or more of the following certification: CISSP, CISM, CCSP, CEH, GIAC
• Experience leading IAM related programs in regulated industries.

Relationship Management Skills

• Ability to establish and maintain effective partnerships and working relations in a multi-cultural, multi-ethnic environment with sensibility and respect for diversity.
• Demonstrates ability to represent the department fully and successfully to internal and external audiences.

Work Management Skills

• Navigates through obstacles and challenges effectively and demonstrates commitment to deliver successful results.
• Ability to lead, guide and mentor a diversified team of information security experts.
• Ability to collaborate with IT and business colleagues to prioritize work, develop roadmaps, enhance services, and contribute meaningfully to the department’s service delivery.
• Ability to manage a broad portfolio of services; ability to balance multiple priorities and demands.
• Analytical skills that enable synthesis of inputs from many sources and allow for strategic thinking and tactical implementation.
• Interpersonal skills that create openness and trust among colleagues.
• Facilitation and conflict management skills that enable effective working relationships.
• Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders.
• Pragmatic security expert with an inherent ability to balance security demands with business reality.

Technical Skills

• Experience with assessment of a comprehensive and broad set of security technologies and processes, secure software development (Application Security), data protection, cryptography, key management, identity and access management, cloud API integration, network security, logging and monitoring within SaaS, IaaS, PaaS, and other cloud environments.
• Experience working with cybersecurity capabilities within cloud infrastructure and services specifically for Microsoft Azure (amongst others e.g., Amazon Web Services-AWS and/or Google Cloud Platform-GCP).
• An understanding of web service frameworks, mobile application architectures, and service architectures (such as event-driven, service-oriented, or serverless architectures).
• Experience with Docker and micro-services architecture.
• Strong understanding of application security leading practices including OWASP and CWE.
• Extensive experience in secure code reviews, business logic assessment, application security testing and
• automation of application security processes.
• Experience managing secure coding and software deployment in a variety of current languages (e.g., Python, Node.js, C#, .NET, JavaScript, Go, Ruby, PowerShell, Bash, Scala). Experience with a variety of SDKs and RESTful API design/development.
• Familiar with application security tools like BurpSuite Pro, SAST, DAST, Nmap, Metasploit, and Kali Linux, etc. Experience in 3rd-party testing tools such as Fortify, AppScan, Veracode, WhiteHat, etc.
• Experience working with Agile development/Scrum methodologies, and incorporation of security requirements into SDLC (CI/CD) with product owners/managers.
• Familiarity with HTML/CSS, JavaScript and UI/UX design and software quality assurance principles.